CVE-2019-25646

CRITICAL 9.8

Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM

CVSS Score

9.8

EPSS Score

0.2%

EPSS Percentile

43th

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload.

CWE	CWE-787
Vendor	tabs
Product	mail carrier
Published	Mar 24, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for tabs mail carrier

Be the first to know when new critical vulnerabilities affecting tabs mail carrier are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Tabs / Mail Carrier

2.5.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/46547 vulncheck.com: https://www.vulncheck.com/advisories/tabs-mail-carrier-buffer-overflow-via-mail-from

Credits

Joseph McDonagh